Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Not A Problem
- Affects Version/s: 2.0.9
- Fix Version/s: None
- Environment: I tested in struts2.0.9
Description
An attacker can inject a given value into the session map by requesting the following URL.
http://example.com/SomeAction.action?session.somekey=someValue
[[A session value is overwritten by a browser request.]]
FROM: hisato.killing@gmail.com
TO: struts-dev
>>>>
1. This problem occurs in Struts 2.0.9 and perhaps other versions.
In that case, the following is assumed:
i. SomeAction implements SessionAware.
ii. It is defined in struts-default.
iii. devMode is true or false.
["someValue"] is stored under the name "someKey" in the SessionMap when the
request shown in that URL is processed.
That means ["someValue"] is an array containing "someValue".
In almost all cases this causes a ClassCastException.
hisato.killing@gmail.com
I think this may just be my mistake, a setting, etc.
Thanks
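As an added example (not part of this ticket or of the Struts code base), the check below applies a parameter-name deny-list of the kind later Struts 2 releases configured as excludeParams on ParametersInterceptor, so a name such as session.somekey is rejected before OGNL is ever asked to set it, and runs the same check over constructed access-log lines to spot such requests; the exact pattern list is an assumption and varies by version.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Deny-list of parameter-name patterns. Assumption: modelled on the
# excludeParams entries later Struts 2 releases ship in struts-default.xml
# for ParametersInterceptor; the exact list varies by version.
EXCLUDED_NAME_PATTERNS = [
    r"^dojo\..*",
    r"^struts\..*",
    r"^session\..*",
    r"^request\..*",
    r"^application\..*",
    r"^servlet(Request|Response)\..*",
]

def is_excluded(name):
    """True when a parameter name would let OGNL walk into a container object."""
    return any(re.match(pattern, name) for pattern in EXCLUDED_NAME_PATTERNS)

def split_request_params(url):
    """Split the query string of `url` into (accepted, rejected) dicts.

    Values keep the String[] shape the servlet API hands to the interceptor,
    which is why a bare "someValue" arrives as ["someValue"].
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    accepted, rejected = {}, {}
    for name, values in params.items():
        (rejected if is_excluded(name) else accepted)[name] = values
    return accepted, rejected

def flag_access_log(lines):
    """Return (request target, parameter name) pairs for every excluded
    parameter name found in CLF-style access-log lines."""
    hits = []
    for line in lines:
        match = re.search(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"', line)
        if not match:
            continue
        _, rejected = split_request_params(match.group(1))
        hits.extend((match.group(1), name) for name in rejected)
    return hits

# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2008:10:00:00 +0000] "GET /SomeAction.action?session.somekey=someValue HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2008:10:00:01 +0000] "GET /SomeAction.action?name=alice HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for request, name in flag_access_log(SAMPLE_LOG):
        print(f"blocked parameter {name!r} in {request}")
```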